[Owasp-board] Code of conduct for OWASP events
Tobias
tobias.gondrom at owasp.org
Sun Mar 1 09:47:49 UTC 2015
To strengthen the role and numbers of women in AppSec, should we
revive/continue and improve the marketing for our Women in AppSec program?
In the past we had this program and I believe it was a great idea.
Unfortunately our promotion of the program did not reach so many people
IMHO....
Would there be any volunteers to lead this effort?
Best regards, Tobias
On 28/02/15 05:16, Noreen Whysel wrote:
> I was at that panel at the joint cybersecurity conference in Brooklyn.
> In theory, it was a good idea. Highlight five women who were Chief
> Security Officers at their respective firms. In practice, it was not
> so great. It was held during lunch in a noisy gymnasium. The previous
> sessions had gone over time and food had not been set up so the panel
> had to start during a lot of clanging and ongoing conversation while
> people were on line. To top it off the person who introduced them said
> something to the effect of "We are going to see why women would want
> to go into cybersecurity..it isn't a very glamorous career."
>
> The panel itself was very good. Quite impressive women with stellar
> backgrounds and a lot to say about strides they have made and the
> development of the industry itself. One of the women addressed the
> "glamour" question by stating that she felt it was indeed a glamorous
> field to be in, but I really took it as a calling out of the poor
> setup. By the end I feel that it had quieted enough to get something
> meaningful out of it, at least for me, but there were still many
> people who chatted with their lunch mates throughout the presentation.
> I blame the setting more than the introducer, btw.
>
> That said, quotas are really hard. In the end it all comes down to who
> submits. Best to strive toward encouraging as many talented women (and
> people of color) as possible to present. Speaker mentoring can be
> extremely helpful also. A lot of us, male and female, struggle with
> Imposter Syndrome so any support is always appreciated.
>
> Noreen Whysel
> Community Manager
> OWASP Foundation
>
> On Feb 27, 2015, at 10:16 AM, Helen Gao <helen.gao at owasp.org> wrote:
>
>> Hi Andrew, Michael and the board.
>>
>> I don't know what made me speak out twice in one day even though I
>> am not a board member. But I admire Andrew's effort of bringing this
>> matter to the boardroom. The question of the desired percentage
>> reminds me of the 30% Club <http://30percentclub.org/>. It was launched
>> in the UK in 2010 with a goal of 30% women on corporate boards by end
>> 2015. We shouldn't set a hard percentage risking the quality of
>> speakers, but the success of 30% Club did show the effectiveness of
>> goal setting.
>>
>> BTW, 3 OWASP chapters in the New York metropolitan area are
>> co-organizers of New York Metro Joint Cyber Security Conference 2015.
>> There was a well received panel discussion of female CISOs in last
>> year's conference. I expect to see more female participation this year.
>>
>> Regards,
>>
>> Helen
>>
>> On Fri, Feb 27, 2015 at 1:12 AM, Michael Coates
>> <michael.coates at owasp.org> wrote:
>>
>> Andrew,
>>
>> (To address the policies comments)
>> Here are the conference speaker policies. These policies address
>> most of your comments already. We just need to make sure the
>> policies are visible on the conference website and not just on
>> the owasp wiki and also in our terms and contracts.
>>
>> https://www.owasp.org/index.php/Governance/Conference_Policies
>>
>> I'll fix AppSecUSA in just a moment.
>>
>> (Regarding diversity of speakers)
>> Agree that more diversity in submission is better than less.
>>
>> * Require conference committees to send out invitations to as
>> many women speakers as possible there is diversity in submissions.
>>
>> > I'm not sure what this means in practice. We're broadcasting out
>> CFP far and wide. Perhaps the community can create a google
>> spreadsheet with lists of ideas to advertise AppSec conferences.
>> We can then make it standard practice for conferences to
>> advertise CFP to everything on the list.
>>
>> * We should also help with helping folks create solid CFPs that
>> are more likely to succeed if submissions are to be chosen solely
>> by merit.
>>
>> > Certainly not against it. If a group wants to provide tips and
>> techniques to make better CFPs then that's great. I don't think
>> this should be a requirement or expectation of the conference
>> organizers. They already have plenty of items on their plate.
>>
>> * what is the desired percentage of talks that should be given by
>> women, how we will achieve that goal, and when shall we achieve
>> that goal?
>>
>> > Discussion is good. We should always select the best talks for a
>> conference. We should also always encourage a wide range of
>> people to submit talks and help them submit good talks. In
>> addition OWASP has such a range of speaking opportunities from
>> global conferences to regional and local events there are
>> numerous ways for people to build their speaking skills. This
>> however is separate from target percentages which I don't believe
>> would have the net effect you're hoping for.
>>
>>
>>
>> --
>> Michael Coates | @_mwc
>> <https://twitter.com/intent/user?screen_name=_mwc>
>> OWASP Global Board
>> Join me at AppSecUSA <http://AppSecUSA.org> 2015 in San Francisco!
>>
>>
>>
>>
>> On Thu, Feb 26, 2015 at 7:13 PM, Andrew van der Stock
>> <vanderaj at owasp.org> wrote:
>>
>> Hi folks,
>>
>> It's way, way, way past time for discussions to start as we
>> are running several global branded events in 2015 and NONE of
>> them have a code of conduct or anti-harassment policy and
>> already two of our three or four events have either zero or
>> only one woman speakers, despite AppSec EU having over 120
>> CFP submissions.
>>
>> If you believe things are fine or that is just how our
>> industry is, that ship sailed back in 1950. Let's get to a
>> consensus and work towards fixing this problem.
>>
>> We have almost certainly started to sign up sponsors,
>> vendors, and CFPs are open, so we have to do something now
>> before we can't until 2016. Inaction allows the status quo to
>> thrive, and it's really unacceptable.
>>
>> LatAm Tour 2015: Speaker agreement: Nothing. No women speakers.
>> https://www.owasp.org/images/4/4f/AppSec_Latam_2015_Speaker_Agreement.pdf
>>
>> LatAm Tour 2015: Instructor agreement: Nothing. No women
>> instructors as far as I can tell
>> https://www.owasp.org/images/f/fa/LatamTour_2015_Training_Instructor_Agreement.pdf
>>
>> LatAm Tour 2015: Sponsor opportunities. Nothing
>> https://www.owasp.org/images/5/5f/Latam_Tour_2015_Sponsorship_Opportunities.pdf
>>
>> AppSec EU 2015: Nothing in our speaker, sponsor, or vendor
>> information. Just one woman co-speaker selected from 120
>> submissions. Really? In 2015?
>> http://2015.appsec.eu/wp-content/uploads/2014/12/AppSec-Eu_Research-2015_Amsterdam_Sponsor-document.pdf
>>
>> AppSecUSA 2015 code of conduct: Nothing.
>>
>> AppSecUSA 2015 vendor form: Nothing.
>> https://docs.google.com/forms/d/1Mh7PoELRg1fyc9NHQVrzHrmEh3yEh3qPljKa93oISjc/viewform
>>
>> AppSecUSA 2015 speaker agreement form: Nothing
>> https://2015.appsecusa.org/c/wp-content/uploads/2015/02/AppSec-USA-2015_Speaker-Agreement.pdf
>>
>> Maybe now you can see the problem. It shouldn't be up to the
>> organizers of each year to determine and include these
>> policies, they should be overlays for all our events, like
>> our Code of Ethics is.
>>
>> Despite all this doom and gloom, our anti-harassment policy
>> for OWASP AppSec USA 2014 is okay. It's not surprising that
>> there were women speakers at this event, but only just
>> barely: five women speakers out of 78 (6%), including Kate
>> who talked about starting a chapter. This is actually our
>> best representation for all the events I looked at.
>>
>> AppSecUSA 2014 Code of conduct:
>> https://www.owasp.org/index.php/AppSec_USA_2014/Conference_Policies#Anti_Harassment_Policy**
>>
>> It should be linked to in all speaker agreement, the vendor
>> and sponsorship agreements. I am very disappointed that none
>> of the events in 2015 seem to be using it.
>>
>> Other codes of conduct you may be interested in:
>>
>> Linux.conf.au <http://Linux.conf.au> is the only global Linux
>> conference Linus attends every year.
>> http://linux.conf.au/cor/code_of_conduct
>>
>> Black Hat did not implode with this code of conduct:
>> https://www.blackhat.com/code-of-conduct.html
>>
>> KiwiCon's Code of Conduct is antipodean direct:
>> https://www.kiwicon.org/faq/code-of-conduct/
>>
>> They kicked out speakers Ben Nagy and the Grugq last year, so
>> it's not just ASCII art.
>>
>> I wanted to share with you BruCon's Code of Conduct as they
>> started with the Ada Initiative in 2013, and then modified it
>> after it was used against them.
>>
>> At the very least, I'm looking for the Board to discuss this
>> issue at our next Board meeting, and I'd like for us to vote
>> on the following as a package:
>>
>> * We make AppSec USA's 2014 Code of Conduct / Anti-harassment
>> policy the de facto starting point for all our conferences,
>> globally.
>>
>> * Adopt a reference in the standard OWASP Speaker's agreement
>> form that points to this policy
>>
>> * Add in a reference to the standard OWASP vendor / sponsor
>> agreement form that points to this policy, as well as
>> prohibiting sexualized staff members (booth babes and the
>> fictitious booth dudes).
>>
>> * Require the LatAm Tour, AppSec EU and AppSec US 2015
>> organisers to use these updated policies, which will almost
>> certainly entail getting back to the already chosen speakers,
>> sponsors and vendors and getting them to re-agree to it. As
>> it was already policy in 2014, this shouldn't be too much of
>> a stretch as it was most likely overlooked or forgotten.
>>
>> For AppSec USA 2015 and beyond, we really need to get them to
>> encourage submissions from women. If a conference gets zero
>> CFP submissions by women, you will have zero talks by women.
>> I do not believe for a second there are zero women in our
>> industry. We need to stop being passive about this, and start
>> recruiting women to submit talks.
>>
>> * Require conference committees to send out invitations to as
>> many women speakers as possible there is diversity in
>> submissions.
>>
>> * We should also help with helping folks create solid CFPs
>> that are more likely to succeed if submissions are to be
>> chosen solely by merit. I don't think this should be
>> restricted to just women, but should also include first time
>> speakers, who often struggle to get their first speaking gig
>> at a large conference.
>>
>> I would like to get us to talk about the best way to achieve
>> a desired outcome - what is the desired percentage of talks
>> that should be given by women, how we will achieve that goal,
>> and when shall we achieve that goal?
>>
>> thanks,
>> Andrew
>>
>> _______________________________________________
>> Owasp-board mailing list
>> Owasp-board at lists.owasp.org <mailto:Owasp-board at lists.owasp.org>
>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>
>>
>> --
>> Helen Gao, CISSP